Black Hat Windows Security 2002 Speakers Announced
Fri, 21 Dec 2001 11:21:20 -0500
For Immediate Release
BLACK HAT WINDOWS SECURITY BRIEFINGS & TRAINING 2002 IN NEW ORLEANS ADDRESS
WINDOWS 2K, XP FLAWS & SOLUTIONS
Special focus on SQL vulnerabilities
http://www.blackhat.com/ -- 21 December 2001 -- Black Hat Inc. announced
today over 18 different speakers for this spring's Black Hat Windows
Security Briefings and Training 2002, the annual conference and workshop
designed to help computer professionals better understand the security
risks that potential threats pose to their Microsoft Windows systems and
information infrastructures. Speaker presentations will cover Protocol Attacks,
Voice-over-IP, Oracle vulnerabilities, Windows Group Policy, and NTLMv2
Authentication as well as General Windows Exploits, Data Recovery, Incident
Investigation & Response, and Better Protection Practices. There is also a
special focus on Microsoft SQL vulnerabilities and how to both exploit and
fix them. Black Hat Windows will be held at the Radisson Hotel in the heart
of New Orleans, 5 through 6 February, 2002.
Top-notch speakers will deliver to the conference's core audience of IT &
network security experts, consultants and administrators the newest
developments on the security problems and vital issues facing organizations
using Windows-centric networks.
"Our goal was to find speakers who could identify and explain security
vulnerabilities in some of the newer Microsoft products," says Jeff Moss,
founder of Black Hat Inc. "We've chosen some of the top speakers in the
world of Windows security whose talks should offer great insight into even
the most-recent vulnerabilities in Windows XP, Oracle and other
The lineup of Black Hat Windows Security Briefings presenters for 2001 includes:
-- FX, leader of the German Phenoelit group and a Security
Solution Consultant at n.runs GmbH. He will be covering "Routing and
Tunneling Protocol Attacks".
-- Chip Andrews, Software Security Architect for the Clarus
Corporation. Andrews has been a software developer and an independent
computer security consultant for more than 16 years and specializes in
applying the skills obtained through security consulting to every aspect of
product development. Chip maintains the www.sqlsecurity.com web site that
focuses on SQL Server security issues and will be presenting "MS SQL Server
Security Mysteries Explained".
-- Ofir Arkin, Managing Security Architect for @stake. With
extensive knowledge in the information security field, Ofir Arkin has
worked as a consultant for several European finance institutes where he
played the role of Senior Security Analyst, and Chief Security Architect in
major projects. Prior to joining @stake Ofir acted as chief security
architect for a 4th generation telecom company, where he designed the
overall security scheme for the company. Arkin will be speaking about
"VoIP: The Next Generation of Phreaking".
-- Jay Beale, founder of JJB Security Consulting and Training, and
Lead Developer of the Bastille Linux Project which creates a hardening
program for Linux and HP-UX. Beale will cover "Attacking and Defending DNS".
-- Erik Pace Birkholz, a Principal Consultant for Foundstone.
Erik's prime area of concentration is assessing Internet and Intranet
security architectures and their components. Erik has performed nearly a
hundred attack & penetration tests since he began his career in 1995.
Erik also instructs Foundstone's "Ultimate Hacking: Hands On" and "Ultimate
NT/2000 Security: Hands On" courses. Birkholz will be detailing "How to Fix
A Broken Window".
-- Harlan Carvey, Information Security Consultant. Conducting
vulnerability assessments and penetration tests of NT led to a growth in
his use of Perl, in order to prototype both offensive and defensive
security tools. Performing incident response and forensics investigations
at a large telecom presented him with many interesting challenges and
learning experiences. Harlan has had articles published on
SecurityFocus.com, as well as in the Information Security Bulletin. He
holds a BSEE from the Virginia Military Institute, and an MSEE from the
Naval Postgraduate School. Carvey will be looking into "NT/2K Incident
Response and Mining for Hidden Data: Post Mortem of a Windows Box".
-- Halvar Flake, Reverse Engineer, Black Hat Consulting.
Originating in the fields of copy protection and digital rights management,
Flake gravitated more and more towards network security. Over time he
realized that constructive copy protection is more or less fighting
windmills. After writing his first few exploits he was hooked and realized
that reverse engineering experience is a very handy asset when dealing with
COTS software. With extensive experience in reverse engineering, network
security, penetration testing and exploit development he recently joined
BlackHat as their primary reverse engineer. Flake will be exposing "Third
Generation Exploits on NT/Win2k Platforms".
-- Raymond Forbes (aka Rooster) has been involved with security
for over 15 years. An expert in network security and infrastructure design,
Raymond has dealt with security both on a product level, and on an IT
level. Currently, he is doing security evaluations and design for a large
content provider. Forbes will be covering "Active Directory & Group Policy
in Windows 2000".
-- JD Glaser and Saumil Shah, Security Consultants for Foundstone.
Glaser specializes in Windows NT system software development and COM/DCOM
application development. His most recent achievement was the successful
formation of NT OBJECTives, Inc., a software company exclusively centered
on building NT security tools. Saumil has had over 6 years of experience
with system administration, network architecture, integrating heterogeneous
platforms and information security, and has performed numerous ethical
hacking exercises for many significant companies in the IT arena. Both will
be speaking about "One-Way SQL Hacking: Futility of Firewalls in Web Hacking".
-- Jim Harrison, Microsoft tester with the Subscription Products
Group. As a known authority of ISA Server's vast enterprise configuration
options, Jim consults for various Microsoft groups on proper deployment and
installation of the product. Currently, Jim is engaged in different test
projects designing integrated solutions for Microsoft's intra- and
extranets. He will be reviewing the art of "Deploying and Securing
Microsoft Internet Security and Acceleration Server".
-- David Litchfield, Managing Director & Co-Founder, Next
Generation Security Software. Known as the UK's NT Guru by ZDNet, David is
a world-renowned security expert specializing in Windows NT and Internet
security. His discovery and remediation of over 100 major vulnerabilities
in products such as Microsoft's Internet Information Server and Oracle's
Application Server have led to the tightening of sites around the world.
Litchfield will be looking into "Oracle Vulnerabilities" including the two
security issues in the Oracle Apache Module he announced yesterday.
-- Timothy Mullen, CIO and Chief Software architect, AnchorIS.Com.
AnchorIS.com is a developer of secure enterprise-based accounting
solutions. Mullen is also a columnist for Security Focus' Microsoft Focus
section, and a regular contributor of InFocus technical articles. He will
be giving a presentation about "Web Vulnerability and SQL Injection
Countermeasures: Securing Your Servers From the Most Insidious of Attacks".
-- Laura Robinson, Independent Consultant and Trainer. Robinson is
a Microsoft Certified Trainer and Systems Engineer on both NT and Windows
2000; a Certified Lotus Professional Systems Administrator, Application
Developer and Instructor; and an instructor for Real World Security's
@ctive Defense education series. She will be speaking on "The Devil Inside:
Planning Security in Active Directory Design".
-- Eric Schultz, Senior Technologist, Microsoft Security
Strategies Group. Schultz has memorized every security hotfix ever released
by Microsoft in a security bulletin. In his spare time, he maintains the
Microsoft hotfix XML database and designs new features for HFNetChk. Eric
is a former Founder of Foundstone, co-creator of the Extreme/Ultimate
Hacking training classes, and technical editor for the Hacking Exposed:
Windows 2000 book. Schultz will tell attendees "How to keep up with all
those frickin security patches".
-- Roelof Temmingh, Technical Director and Founding Member,
SensePost. After obtaining his degree in electronic engineering in 1995, he
started his career working as a programmer at a cutting edge development
company specializing in data encryption devices. Establishing SensePost
along with some of South Africa's leading IT security minds Roelof is
currently involved in the coding of proof of concept code, and the
practical realization of complex security concepts. Temmingh will cover
"Bi-directional Communications in a Heavily Protected Environment".
-- Jonathan Wilkins, Security Tool Developer. Wilkins has been
active in the security community since the early 1990's. He worked for
Secure Networks Inc developing Ballista (now Network Associates' CyberCop
Scanner) and at Zero Knowledge on the Freedom privacy suite. He has
released several security tools including NTCrack and has been publishing
security research since 1996. Wilkins will introduce attendees to
"Taranis", a security research tool that "redirects traffic on switch
hardware by sending spoofed ethernet traffic".
-- Hidenobu Seki (aka Urity), Network Security Specialist,
SecurityFriday.com. Seki has a deep interest in the authentication system
of MS Windows and will show the details of "Cracking NTLMv2 Authentication".
Black Hat Windows Training includes 7 different sessions and will occur
prior to the Briefings portion of the conference 5 through 6 February,
2002. Workshops will primarily focus on the Windows 2000 platform and also
touch upon Windows NT, general Windows Web applications and ICMP scanning.
-- Advanced Scanning with ICMP
-- Auditing Binaries: Reverse Engineering Windows 2000
-- Complete Windows 2000 Security
-- NT Network Intrusion
-- Secure Development of Data-Driven Web Applications
-- NSA InfoSec Assessment Methodology Course
-- Foundstone's Ultimate Hacking: Black Hat Edition
For more details, check the conference Web site at http://www.blackhat.com.
Other special features of this year's Black Hat Windows Security conference
include its timing: Super Bowl XXXVI is being held at the nearby Louisiana
Superdome two days before the show, and in the days following the
conference, attendees can experience New Orleans' Mardi Gras, where the
main parade goes right past the hotel (special negotiations occurred to
allow attendees to book their hotel rooms as early as Feb. 1st all the way
through Mardi Gras on Feb. 12th).
Attendees will also have access to a wireless network during the show.
To register for BlackHat Windows Security Briefings and Training, visit the
Web site at http://www.blackhat.com. Direct any conference-related
questions to email@example.com.
For press registration information, visit
http://www.blackhat.com/html/bh-link/pressreg.html. Contact B.K. DeLong at
+1.617.877.3271 or via email at firstname.lastname@example.org.
About Black Hat Inc.
Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the need
for computer security professionals to better understand the security risks
and potential threats to their information infrastructures and computer
systems. Black Hat accomplishes this by assembling a group of
vendor-neutral security professionals and having them speak candidly about
the problems businesses face and their solutions to those problems. Black
Hat Inc. produces 5 briefing & training events a year on 3 different
continents. Speakers and attendees travel from all over the world to meet
and share in the latest advances in computer security. For more
information, visit their Web site at
Black Hat Briefings